[Dshield] Question on appropriate university research
tonni at hetnet.nl
Tue Sep 18 13:14:52 GMT 2007
Tom wrote, on 18-09-2007 03:38:
> We were probed by a machine on CMU's network weekly on port 22. We
> reported this to CMU abuse and received the following response:
> Now, this "SSH scanning" project looks just like a bot net searching
> for hosts to attack later from my machine's viewpoint.
> Don't you think that this is at best ill advised without contacting
> the IP block owners? Further, what they're trying to sample is not
> what they are sampling, but that's another story.
> Your comments and inputs are appreciated because I think this guy's PhD
> advisor is way out of line to condone this activity.
Personally, I feel that you're overreacting, but then that depends on
what sort of a scan it was. I'd have no compunction about letting a full
open port nmap stealth scan run on any machine on the Internet I choose,
but there's no way I'd ever try abusing any one of those open ports.
Start getting worried when people repeatedly try ssh logins on your port
22 and really worry when you see dictionary attacks.
If I were paid €0.10 for every attempt I see on my open port 22
(iptables), I'd be ... But I confine allowed logins to specific source
IP numbers and identities.
Email: tonni at hetnet dot nl
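
The reply above separates a port probe from repeated ssh logins and from dictionary attacks. The following added example (not part of the original post) sorts source addresses into those tiers from sshd log lines; the sample log, the `classify` function and all thresholds are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH sshd log format (documentation-range addresses).
# A half-open SYN scan never reaches sshd; the first line is a full connect
# that closed without attempting a login.
SAMPLE_LOG = """\
Sep 18 03:38:01 host sshd[101]: Did not receive identification string from 198.51.100.7
Sep 18 04:00:10 host sshd[110]: Failed password for root from 203.0.113.5 port 4100 ssh2
Sep 18 04:00:12 host sshd[111]: Failed password for root from 203.0.113.5 port 4101 ssh2
Sep 18 04:00:15 host sshd[112]: Failed password for root from 203.0.113.5 port 4102 ssh2
Sep 18 05:10:01 host sshd[120]: Failed password for invalid user admin from 192.0.2.44 port 5000 ssh2
Sep 18 05:10:02 host sshd[121]: Failed password for invalid user test from 192.0.2.44 port 5001 ssh2
Sep 18 05:10:03 host sshd[122]: Failed password for invalid user guest from 192.0.2.44 port 5002 ssh2
Sep 18 05:10:04 host sshd[123]: Failed password for invalid user oracle from 192.0.2.44 port 5003 ssh2
Sep 18 05:10:05 host sshd[124]: Failed password for invalid user postgres from 192.0.2.44 port 5004 ssh2
Sep 18 06:00:00 host sshd[130]: Accepted publickey for tonni from 192.0.2.10 port 6000 ssh2
"""

PROBE = re.compile(r"Did not receive identification string from (\S+)")
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED = re.compile(r"Accepted \S+ for \S+ from (\S+) port \d+")

def classify(log_text, repeat_min=3, dict_users_min=5, dict_tries_min=20):
    """Map each source IP to a verdict. All thresholds are assumed values."""
    tried = defaultdict(list)   # source IP -> usernames of failed logins
    seen, accepted = set(), set()
    for line in log_text.splitlines():
        if m := FAILED.search(line):
            tried[m.group(2)].append(m.group(1))
        elif m := ACCEPTED.search(line):
            accepted.add(m.group(1))
        elif m := PROBE.search(line):
            seen.add(m.group(1))
    verdicts = {}
    for ip in seen | accepted | set(tried):
        users = tried.get(ip, [])
        if len(set(users)) >= dict_users_min or len(users) >= dict_tries_min:
            verdict = "dictionary attack"
        elif len(users) >= repeat_min:
            verdict = "repeated login attempts"
        elif users:
            verdict = "failed login"
        elif ip in accepted:
            verdict = "accepted login"
        else:
            verdict = "probe"
        # Edge case: a source that guessed repeatedly and then got in.
        if ip in accepted and len(users) >= repeat_min:
            verdict += ", then accepted login"
        verdicts[ip] = verdict
    return verdicts
```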